Cyber Incident Victim: Pacific Market Research

On or around May 22, 2021, Pacific Market Research (PMR), a Renton-based market research company, experienced a ransomware attack compromising its data systems. An unauthorized actor gained access to PMR’s network and encrypted the organization’s servers, disrupting operations and potentially exposing sensitive information. The incident directly impacted PMR’s client, the Washington State Department of Labor and Industries (L&I), as an L&I file containing worker data was affected during the breach. PMR notified L&I of the attack, though the exact timeline between the intrusion and client notification remains unspecified in available reports. The company did not publicly disclose technical details regarding the ransomware variant, initial attack vector, or duration of network compromise prior to detection.

The breach exposed sensitive personal information belonging to over 16,000 workers associated with L&I, though the specific data categories (e.g., Social Security numbers, financial records) were not detailed in state disclosures. L&I issued a news release on an unspecified Thursday following PMR’s notification, confirming the file compromise and potential worker data exposure. No evidence suggests ransomware operators exfiltrated or publicly leaked the data beyond encrypting PMR’s systems. The incident triggered a state-level disclosure process under Washington’s data breach notification laws, but neither PMR nor L&I confirmed whether ransom demands were made or paid. Operational disruptions to PMR’s services or L&I’s workflows were not described in the limited public reporting. The attack highlighted third-party risks to state agencies through contractor networks handling sensitive employee information.